()
| 1002 | } |
| 1003 | |
| 1004 | func (hs *serverHandshakeStateTLS13) sendServerFinished() error { |
| 1005 | c := hs.c |
| 1006 | |
| 1007 | finished := &finishedMsg{ |
| 1008 | verifyData: hs.suite.finishedHash(c.out.trafficSecret, hs.transcript), |
| 1009 | } |
| 1010 | |
| 1011 | if _, err := hs.c.writeHandshakeRecord(finished, hs.transcript); err != nil { |
| 1012 | return err |
| 1013 | } |
| 1014 | |
| 1015 | // Derive secrets that take context through the server Finished. |
| 1016 | |
| 1017 | hs.masterSecret = hs.handshakeSecret.MasterSecret() |
| 1018 | |
| 1019 | hs.trafficSecret = hs.masterSecret.ClientApplicationTrafficSecret(hs.transcript) |
| 1020 | serverSecret := hs.masterSecret.ServerApplicationTrafficSecret(hs.transcript) |
| 1021 | c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret) |
| 1022 | |
| 1023 | if c.quic != nil { |
| 1024 | if c.hand.Len() != 0 { |
| 1025 | // TODO: Handle this in setTrafficSecret? |
| 1026 | c.sendAlert(alertUnexpectedMessage) |
| 1027 | } |
| 1028 | c.quicSetWriteSecret(QUICEncryptionLevelApplication, hs.suite.id, serverSecret) |
| 1029 | } |
| 1030 | |
| 1031 | err := c.config.writeKeyLog(keyLogLabelClientTraffic, hs.clientHello.random, hs.trafficSecret) |
| 1032 | if err != nil { |
| 1033 | c.sendAlert(alertInternalError) |
| 1034 | return err |
| 1035 | } |
| 1036 | err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.clientHello.random, serverSecret) |
| 1037 | if err != nil { |
| 1038 | c.sendAlert(alertInternalError) |
| 1039 | return err |
| 1040 | } |
| 1041 | |
| 1042 | c.ekm = hs.suite.exportKeyingMaterial(hs.masterSecret, hs.transcript) |
| 1043 | |
| 1044 | // If we did not request client certificates, at this point we can |
| 1045 | // precompute the client finished and roll the transcript forward to send |
| 1046 | // session tickets in our first flight. |
| 1047 | if !hs.requestClientCert() { |
| 1048 | if err := hs.sendSessionTickets(); err != nil { |
| 1049 | return err |
| 1050 | } |
| 1051 | } |
| 1052 | |
| 1053 | return nil |
| 1054 | } |
| 1055 | |
| 1056 | func (hs *serverHandshakeStateTLS13) shouldSendSessionTickets() bool { |
| 1057 | if hs.c.config.SessionTicketsDisabled { |
no test coverage detected